Bug 1633360 - Allow admin to opt-out from the Brute-force attack protection
Summary: Allow admin to opt-out from the Brute-force attack protection
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Satellite 6
Classification: Red Hat
Component: Security
Version: 6.4
Hardware: Unspecified
OS: Unspecified
unspecified
medium
Target Milestone: Released
Assignee: Marek Hulan
QA Contact: Jan Hutař
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2018-09-26 19:25 UTC by Jan Hutař
Modified: 2019-10-07 17:19 UTC

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-05-14 12:38:11 UTC



Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2019:1222 None None None 2019-05-14 12:38:19 UTC
Foreman Issue Tracker 22778 None None None 2018-09-26 19:39:14 UTC

Description Jan Hutař 2018-09-26 19:25:08 UTC
Description of problem:
Implementation of http://projects.theforeman.org/issues/4238 introduced BFA protection; however, this is not configurable at all (enable/disable, number of retries, blacklist timeout, etc.).

It would be beneficial if I, as an admin, had a way to configure or completely disable the feature.


Version-Release number of selected component (if applicable):
satellite-6.4.0-15.el7sat.noarch


How reproducible:
always


Steps to Reproduce:
1. Go to Administer -> Settings and search for "failed_login_attempts_limit"


Actual results:
It is not there


Expected results:
It should be there

Comment 5 pm-sat@redhat.com 2018-09-26 20:04:05 UTC
Upstream bug assigned to mhulan@redhat.com

Comment 6 pm-sat@redhat.com 2018-09-26 20:04:08 UTC
Moving this bug to POST for triage into Satellite 6 since the upstream issue https://projects.theforeman.org/issues/22778 has been resolved.

Comment 7 Djebran Lezzoum 2018-10-08 08:11:14 UTC
Put qe_ack+, as this is an important fix (adding the ability to disable or to fine-tune the number of attempts of authenticated login to be considered as a Brute-force attack) for the Brute-force attack protection.

Comment 15 errata-xmlrpc 2019-05-14 12:38:11 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2019:1222

